Semicolon Injection Vulnerability in D-Link DCS-2121 Camera
CVE-2010-4964

Currently unrated

Key Information:

Vendor: D-Link
Status: Dcs-2121 Firmware; Dcs-2121
Vendor: CVE Published:; 16 October 2011

Summary

The D-Link DCS-2121 camera with firmware version 1.04 is susceptible to a semicolon injection vulnerability through the recorder_test.cgi interface. This flaw allows remote attackers to perform arbitrary command execution by exploiting the Password field to inject shell metacharacters. As a result, unauthorized users may gain control over the device, leading to potential security breaches and compromised camera functionality.

References

http://www.openwall.com/lists/oss-security/2011/09/10/1

mailing-listx_refsource_MLIST

http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2011/09/14/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 16, 2011